Vulnerability Spotlight: TALOS-2018-0529-531 – Multiple Vulnerabilities in NASA CFITSIO library
Vulnerabilities discovered by Tyler Bohan from Talos Overview Talos is disclosing three remote code execution vulnerabilities in the NASA CFITSIO library. CFITSIO is a library of C and Fortran subroutines...
Vulnerability Spotlight: Multiple Simple DirectMedia Layer Vulnerabilities
Vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D.
Vulnerability Spotlight: Multiple Computerinsel PhotoLine PSD Code Execution Vulnerabilities
Cisco Talos discloses a vulnerability within the PSD-parsing functionality of Computerinsel Photoline, an image processing tool. PSD is a document format used by Adobe Photoshop and supported by many third-party applications.
Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities
Vulnerabilities discovered by Cory Duplantis from Talos Overview Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from...
Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image
Overview Talos is disclosing several vulnerabilities identified in Simple DirectMedia Layer's SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low...
Vulnerability Spotlight: Dovecot out-of-bounds Read Vulnerability
Overview Today, Cisco Talos is disclosing a single out-of-bounds read vulnerability in the Dovecot IMAP server. Dovecot is a popular internet message access protocol, or IMAP, server...
Understanding the Attack Vectors of CVE-2018-0101 – Cisco ASA Remote Code Execution and Denial of Service Vulnerabilit …
On January 29, 2018, the Cisco PSIRT published a security advisory about a remote code execution and denial of service vulnerability affecting the Cisco ASA and Cisco Next-Generation Firewall platforms.
Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities
Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as ‘gems’. The two XSS vulnerabilities were discovered in two different gem packages: delayed_job_web and rails_admin. Ruby is widely used as a […]
Vulnerability Spotlight: Multiple Vulnerabilities in the CPP and Parity Ethereum Client
Talos discloses vulnerabilities in CPP and Parity Ethereum clients: a denial of service vulnerability in libevm, plus a permissive cross-domain (CORS) whitelist policy vulnerability in the Ethereum Parity client.